MailerMonk
    01Free tools
    02Backlink agent03How it works04Pricing
    Sign inStart free trial
    PrivacyTerms
    Chapter · SPF for Mailgun
    Revised 17 Jun 2026
    Guide · SPF · Mailgun

    How to set up SPF for Mailgun.

    Mailgun's authentication is API-driven and slightly more developer-oriented than SendGrid's. They issue both SPF and DKIM records when you add a domain.

    Afsan Rahmatullah
    Afsan RahmatullahMailerMonk

    SPF (Sender Policy Framework, RFC 7208) authorizes specific servers to send mail for your domain. When you start sending through Mailgun, you must publish a single SPF record at your domain apex that includes Mailgun's sending infrastructure — otherwise the messages will fail SPF, your DMARC checks will fail, and your mail will land in spam or be rejected outright.

    If you already publish SPF for another sender (Google Workspace for inbound, a marketing tool, your CRM), do not publish a second record. Merge the new include into the existing record. RFC 7208 §3 forbids multiple SPF records on the same name and receivers MUST return permerror when they see one.

    Publish these DNS records

    Add the following record(s) to your domain's DNS zone. Most registrars (Cloudflare, Route 53, Namecheap, GoDaddy) accept values exactly as shown.

    Record · TXT
    Type
    TXT
    Host
    @
    Value
    v=spf1 include:mailgun.org ~all
    Why this matters
    • Mailgun supports either apex sending or a subdomain. For apex sending, the SPF record above goes on the apex.
    • For subdomain sending (e.g. `mg.your-domain.com`), publish the SPF on the subdomain instead and leave the apex untouched.

    Where in Mailgun

    The SPF configuration lives in Mailgun → Sending → Domains → <your-domain> → DNS records.

    Verify the records

    Once published, run the SPF Checker on your domain to verify the lookup chain expands cleanly and stays under the 10-DNS-lookup limit.

    From a terminal
    dig +short TXT your-domain.com
    Run the free SPF checker

    Common pitfalls

    Pitfall
    • Mailgun's EU and US regions have different DNS values (different MX hosts for inbound, different DKIM key hosts). Make sure you're following docs for the region your account is in.
    • Older Mailgun guides reference `domainkey` selectors literally; current accounts use the selector you chose in the dashboard.
    After you publish

    Want to know if it actually keeps working?

    MailerMonk continuously watches your SPF record, aggregate DMARC reports, and inbox placement — and pings you the moment something drifts. Free for the first domain.

    Start free trial

    About the author

    Afsan Rahmatullah
    Afsan Rahmatullah
    MailerMonk

    Building tools that keep cold email out of spam. Writes about deliverability, DMARC, and what actually moves inbox placement.

    Related · Mailgun

    Other records for Mailgun